
Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 2691083006: The security check in document.open should test for same-origin (Closed)
Patch Set: Created 3 years, 10 months ago
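--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All
 * rights reserved.
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
 * (http://www.torchmobile.com/)
 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
@@ -2633,21 +2633,22 @@
 return;
 }
 
 if (m_throwOnDynamicMarkupInsertionCount) {
 exceptionState.throwDOMException(
 InvalidStateError, "Custom Element constructor should not use open().");
 return;
 }
 
 if (enteredDocument) {
-if (!getSecurityOrigin()->canAccess(enteredDocument->getSecurityOrigin())) {
+if (!getSecurityOrigin()->isSameSchemeHostPortAndSuborigin(
+enteredDocument->getSecurityOrigin())) {
 exceptionState.throwSecurityError(
 "Can only call open() on same-origin documents.");
 return;
 }
 setSecurityOrigin(enteredDocument->getSecurityOrigin());
 setURL(enteredDocument->url());
 m_cookieURL = enteredDocument->cookieURL();
 }
 
 open();
@@ -6587,10 +6588,10 @@
 }
 
 void showLiveDocumentInstances() {
 WeakDocumentSet& set = liveDocumentSet();
 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
 for (blink::Document* document : set)
 fprintf(stderr, "- Document %p URL: %s\n", document,
 document->url().getString().utf8().data());
 }
 #endif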
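Review bot: The `isSameSchemeHostPortAndSuborigin` check in the `if (enteredDocument)` block carries no comment saying why `canAccess()` was not strict enough. The reason matters because the three statements right after it (`setSecurityOrigin`, `setURL`, `m_cookieURL = ...`) make this document take over the entered document's origin, URL and cookie URL once the check passes. I would add a comment above the inner `if`, for example `// Require a strict same-origin match: canAccess() can also succeed through relaxations such as document.domain, and we adopt enteredDocument's origin, URL and cookie URL below.` The relaxations `canAccess()` honours are not visible on this page, so confirm that wording against SecurityOrigin. No test appears in this file section; a layout test that calls open() from a document that is accessible but not same-origin and expects a SecurityError would keep the check from regressing. The enclosing function starts and ends outside the lines shown.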
